HEI Hotels Reports Data Breach at Starwood, Marriott, Hyatt Properties

Twenty hotels operated by privately-held HEI Hotels & Resorts were hit by a data breach earlier this year, possibly exposing guests’ credit card data. HEI reported on Sunday that tens of thousands of transactions at Starwood, Marriott, Hyatt, and IHG properties could have been exposed to malware found on HEI’s systems.

The data breach was discovered by HEI in June of this year. An HEI representative stated that the malware found was designed to collect credit card data, and was targeting payment systems used at restaurants, bars, shops, health spas, and other businesses located on the same site as the hotels.

In all, the data breach impacted 20 HEI hotels—12 Starwood properties, six Marriott properties, one Hyatt property, and one InterContinental hotel. The malware was active on HEI’s systems from March 1, 2015 to June 21, 2016.

Among the information potentially exposed, HEI stated that data breach experts investigated the incident, and determined customer names, account numbers, expiration dates, and security codes may have been stolen. However, PIN numbers were not subjected to the hack.

Starwood locations affected include Westin properties in Minneapolis, MN; Pasadena, CA; Philadelphia, PA; Snowmass, CO; Washington, DC; and Fort Lauderdale, FL. Other affected properties included Starwood hotels in Arlington, VA; Manchester Village, VT; San Francisco, CA; Miami, FL; and Nashville, TN.

Breached hotels under the Marriott brand include Boca Raton, FL; Dallas-Fort Worth, TX; Chicago, IL; San Diego, CA; and Minneapolis, MN. Also affected were the Hyatt Centric Santa Barbara and the IHG Intercontinental in Tampa, FL.

HEI Hotels & Resorts has since informed federal authorities of the data breach, and has installed new payment processing systems. For more information about the incident at the above properties, or if you believe your payment information may be at risk, read HEI’s official statement.